On 10/31/05, drobinson <[EMAIL PROTECTED]> wrote:
> Regarding SFTP client/server setup:
>
> -Can you fix the layer 4 port number to 21 on the server/client side in order
> to avoid port transient net devices dropping port 22
You can move your SSH service to port 21, but this means that all clients will need to specify to connect to port 21. Port 21 is allocated for FTP, not SSH. Clients would have to "sftp -p 21 ...", instead of just "sftp ...".
>
> -Does SFTP encrypt payload?
Yes
>
> -Does it use UDP/TCP?
TCP only
>
> -Can you fully utilize a given bandwidth (i.e. 512kbit circuit) with one
> session?
Yes, with the constraint that the endpoints need enough power to handle the encryption overhead. There are scaling issues for very high bandwidth (upwards of DS3). This deals with blocking issues within the SSH tunnel and TCP window issues.

SFTP is not FTP. It is a File Transfer Protocol, not THE File Transfer Protocol. It works by connecting to the SSH server. Then once connected and authenticated, it requests a new channel with the SFTP service. Everything is tunneled across a single SSH connection. (A single TCP connection.) So, SFTP runs on top of SSH. The SFTP client mimics the look and feel of the standard FTP client for ease of use.

Do not get it mixed up with FTPS. FTPS is the legacy FTP with TLS (Transport Layer Security) thrown in. FTPS uses two TCP connections. (Command and data) FTPS cannot go through a state-based firewall. State-based firewalls look into the command connection to find the negotiation for the data connection. When it sees this, it can precreate a state for the data connection to pass. But, with FTPS this negotiation is encrypted, so the firewall fails to allow the data connection.
--
And, did Guloka think the Ulus were too ugly to save?
-Centauri
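Editor's added example, not part of the mailing-list message above: a toy model of the stateful-firewall behaviour the reply describes. The firewall watches the FTP command channel, recognises the PORT / PASV / EPSV negotiation, and records the data-connection endpoint it will need to let through (the "precreated state"). Once AUTH TLS succeeds on an FTPS session the command channel becomes ciphertext, so the same inspector finds nothing and no data-connection state can be created. Both session transcripts are constructed samples; the IP addresses, ports and the FirewallState/inspect_ftp_command_channel names are the editor's own.

```python
import re
from dataclasses import dataclass, field

# Constructed plaintext FTP command-channel exchange ("C:" client, "S:" server).
# It contains one active-mode (PORT) and two passive-mode (PASV, EPSV) negotiations.
PLAIN_FTP_SESSION = [
    "C: USER alice",
    "S: 331 Please specify the password.",
    "C: PASS <redacted>",
    "S: 230 Login successful.",
    "C: PORT 192,0,2,20,4,1",
    "S: 200 PORT command successful.",
    "C: LIST",
    "S: 150 Here comes the directory listing.",
    "S: 226 Directory send OK.",
    "C: PASV",
    "S: 227 Entering Passive Mode (192,0,2,10,195,80).",
    "C: RETR report.pdf",
    "S: 150 Opening BINARY mode data connection.",
    "S: 226 Transfer complete.",
    "C: EPSV",
    "S: 229 Entering Extended Passive Mode (|||50001|).",
    "C: QUIT",
]

# Constructed FTPS exchange: after the server accepts AUTH TLS, everything on
# the command channel (including the PASV negotiation) is ciphertext.
FTPS_SESSION = [
    "C: AUTH TLS",
    "S: 234 Proceed with negotiation.",
    "C: <TLS handshake and ciphertext from here on>",
    "S: <ciphertext>",
    "C: <ciphertext, PASV is in here but unreadable>",
    "S: <ciphertext>",
]

# Negotiation formats: h1,h2,h3,h4,p1,p2 (port = p1*256 + p2) for PORT/227,
# and (|||port|) for the extended passive reply (229).
HOST_PORT_RE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
EPSV_RE = re.compile(r"\(\|\|\|(\d+)\|\)")


@dataclass
class FirewallState:
    # Data connections the firewall will permit, as (ip, port, mode) tuples.
    pinholes: list = field(default_factory=list)
    # True once the command channel turned into TLS ciphertext.
    opaque: bool = False
    # Index of the transcript line at which inspection stopped, -1 if never.
    opaque_at: int = -1


def _host_port(match):
    """Turn an h1,h2,h3,h4,p1,p2 regex match into ("h1.h2.h3.h4", port)."""
    parts = [int(g) for g in match.groups()]
    return ".".join(str(p) for p in parts[:4]), parts[4] * 256 + parts[5]


def inspect_ftp_command_channel(session, server_ip="192.0.2.10"):
    """Model an FTP-aware stateful firewall reading the command channel.

    Returns a FirewallState listing every data-connection endpoint it could
    learn.  For FTPS the list stays empty because the negotiation is encrypted.
    """
    state = FirewallState()
    awaiting_tls_reply = False
    for idx, line in enumerate(session):
        who, _, text = line.partition(": ")
        if who == "C":
            if text.upper().startswith("AUTH TLS"):
                awaiting_tls_reply = True
            elif text.upper().startswith("PORT "):
                m = HOST_PORT_RE.search(text)
                if m:
                    ip, port = _host_port(m)
                    state.pinholes.append((ip, port, "active"))
            continue
        # Server reply.
        if awaiting_tls_reply:
            awaiting_tls_reply = False
            if text.startswith("234"):
                # TLS starts now; nothing after this line is inspectable.
                state.opaque = True
                state.opaque_at = idx
                break
        if text.startswith("227"):
            m = HOST_PORT_RE.search(text)
            if m:
                ip, port = _host_port(m)
                state.pinholes.append((ip, port, "passive"))
        elif text.startswith("229"):
            m = EPSV_RE.search(text)
            if m:
                state.pinholes.append((server_ip, int(m.group(1)), "passive"))
    return state


if __name__ == "__main__":
    print("plain FTP :", inspect_ftp_command_channel(PLAIN_FTP_SESSION))
    print("FTPS      :", inspect_ftp_command_channel(FTPS_SESSION))
```

The plaintext run yields three pinholes (client 192.0.2.20:1025 for the PORT command, server 192.0.2.10:50000 and :50001 for PASV and EPSV); the FTPS run stops at the 234 reply with an empty list, which is exactly the failure mode the reply describes. SFTP avoids the problem entirely because there is no second connection to negotiate.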